package com.spring.controller.web;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.web.filter.DelegatingFilterProxy;

import com.spring.domain.User;

public class SessionFilter extends DelegatingFilterProxy{
	private static final Logger logger = Logger.getLogger(SessionFilter.class);
	
	private List<String> avoidUrls;
	private List<String> typeAllowedAlways;
	private String loginPage;
	private String bypassAdminLoggedControl ; 

	public void destroy() {}

	public void doFilter(ServletRequest req, ServletResponse res,
			FilterChain chain) throws IOException, ServletException {
		logger.debug("ADMIN - SESSIONFILTER ");
		if(bypassAdminLoggedControl.equalsIgnoreCase("true")){
			logger.debug("ADMIN - RICHIESTA ABILITATA : BYPASS CHECKING USER - FOR DEVELOPER STAGING");
			chain.doFilter(req, res);
		}else{
			//logger.debug("**** URL PUBBLICI : ["+avoidUrls.toString()+"] ****************");
			HttpServletRequest request = (HttpServletRequest) req;
			HttpServletResponse response = (HttpServletResponse) res;
			String url = request.getServletPath();
			String context= request.getContextPath();
			boolean allowedRequest = false;
			
			//MANDO AVANTI RICHIESTE A LINK CENSITI COME PUBBLICI
			if (getAvoidUrls().contains(url)) {
				allowedRequest = true;
				logger.debug("ADMIN - RICHIESTA ABILITATA : URL NON PROTETTA:["+url+"]");
				chain.doFilter(req, res);
			}
			
			//MANDO AVANTI LA RICHIESTA DI RISORSE DI TIPO WEB DEL SITO
			for (Iterator<String> iterator = getTypeAllowedAlways().iterator(); iterator.hasNext();) {
				String type = iterator.next();
				if(url.endsWith(type)){
					allowedRequest = true;
					logger.debug("ADMIN - RICHIESTA ABILITATA : RICHIESTA RISORSA WEB:["+url+"]");
					chain.doFilter(req, res); 
				}
			}
			
	
			if (!allowedRequest) {
				User user = request.getSession().getAttribute("admin") != null ? (User)request.getSession().getAttribute("admin") : null;
				if (null == user) {
					logger.debug("ADMIN - RICHIESTA ANNULLATA : ["+url+"]  NO USER LOGGED > Redirigo alla login:"+getLoginPage()+"]");
					response.sendRedirect(context+"/login/loginPage.htm");
				}else{
					logger.debug("ADMIN - RICHIESTA ABILITATA : ["+url+"]  USER LOGGED >>>>> calling Url:["+url+"]");
					chain.doFilter(req, res);
				}
			}
		
		}
	}

	

	public List<String> getAvoidUrls() {
		return avoidUrls;
	}

	public void setAvoidUrls(List<String> avoidUrls) {
		this.avoidUrls = avoidUrls;
	}

	public String getLoginPage() {
		return loginPage;
	}

	public void setLoginPage(String loginPage) {
		this.loginPage = loginPage;
	}

	

	public List<String> getTypeAllowedAlways() {
		return typeAllowedAlways;
	}

	public void setTypeAllowedAlways(List<String> typeAllowedAlways) {
		this.typeAllowedAlways = typeAllowedAlways;
	}

	public String getBypassAdminLoggedControl() {
		return bypassAdminLoggedControl;
	}

	public void setBypassAdminLoggedControl(String bypassAdminLoggedControl) {
		this.bypassAdminLoggedControl = bypassAdminLoggedControl;
	}
}
